Claims 1-24 were pending at the time of the Office Action. 

Claims 18-22 are allowed. 

Claims 3, 4, 6-12 and 15-17 are objected to. 

Claims 1, 2, 5, 13, 14, 23 and 24 are rejected under 35 U.S.C. § 102(b). 

No claims are canceled by the current response. 

Please amend claims 1, 2, 8, 11, 12 and 18-22 as follows: 



Clean Version Of The Pending Claims Under 37 C.F.R. §1.121(c)(3): 

In accordance with 37 C.F.R. §1.121(c)(3), claims 1-24 are submitted 
below as a clean version of the entire set of pending claims in this single 
amendment paper. In addition, a marked up version of amended claims 1, 2, 8, 11, 
12 and 18-22, showing all the changes relative to the previous version of these 
claims, is submitted on one or more pages separate from this amendment in 
accordance with 37 C.F.R. §1.121(c)(3). 

1. (Amended) A computerized method for key-based secure storage 
comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 

obtaining a storage key; 

encrypting the information using the storage key; and 

associating the access predicate with the encrypted information. 

2. (Amended) The computerized method of claim 1, further 
comprising: 

decrypting the information for access by an application only if the 
application meets the requirements specified in the access predicate. 



3. The computerized method of claim 1, wherein the storage key is an 
application storage key and obtaining the application storage key comprises: 

generating a seed value; 

producing a hash seed value based on the seed value using a 
one-way hash function; and 

generating the application storage key from the hash seed value. 



4. The computerized method of claim 1, wherein the storage key is a 
user storage key and obtaining the user storage key comprises: 

generating a seed value; 

producing a first hash seed value based on the seed value using a 
one-way hash function; 

producing a second hash seed value based on the seed value and a 
user identifier using a keyed hash function; and 

generating the user storage key from the second hash seed value. 



5. The computerized method of claim 1, further comprising: 

obtaining an operating system storage key; and 

encrypting the access predicate with the operating system storage 
key. 
6. The computerized method of claim 5, further comprising: 

encrypting a plurality of other storage keys using the operating 
system storage key, wherein the other storage keys are selected from the group 
consisting of application storage keys and user storage keys. 

7. The computerized method of claim 5, wherein obtaining the 
operating system storage key comprises: 

generating a seed value; and 

generating the operating system storage key based on the seed value. 



8. (Amended) The computerized method of claim 1, wherein the 
storage key comprises an application storage key and a user storage key to encrypt 
information containing a portion specific to an application and a portion specific to a 
user, and obtaining the storage key comprises: 

generating a seed value for the application; 

producing an application hash seed value based on the seed value for 
the application using an application-specific one-way hash function; 

generating an application storage key from the application hash seed 
value; 

generating a seed value for the user; 

producing a first user hash seed value based on the seed value for the 
user using a one-way hash function; 

producing a second user hash seed value based on the first user hash 
seed value and a user identifier using a keyed hash function; and 

generating a user storage key from the second user hash seed value. 
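
The derivation chains recited in claims 3, 4 and 8 can be sketched as follows. This is an added illustration, not code from the application or its authors; SHA-256, HMAC-SHA-256, the length-prefixed application label, the final key-generation step and all function names are assumptions chosen for the sketch, and the user chain follows the wording of claim 8.

```python
import hashlib
import hmac
import secrets

def generate_seed() -> bytes:
    """'Generating a seed value': 32 random bytes (size is an assumption)."""
    return secrets.token_bytes(32)

def one_way_hash(seed: bytes, label: bytes = b"") -> bytes:
    """One-way hash step. A non-empty label models an application-specific
    hash function; the length prefix keeps label and seed unambiguous."""
    return hashlib.sha256(len(label).to_bytes(2, "big") + label + seed).digest()

def keyed_hash(hash_seed: bytes, user_id: bytes) -> bytes:
    """Keyed hash over the user identifier, keyed with the first hash seed."""
    return hmac.new(hash_seed, user_id, hashlib.sha256).digest()

def key_from(hash_seed: bytes, purpose: bytes) -> bytes:
    """'Generating the key from the hash seed value' (assumed: one more
    HMAC with a purpose label, so a hash seed is never used as a key)."""
    return hmac.new(hash_seed, b"storage-key:" + purpose, hashlib.sha256).digest()

def application_storage_key(app_seed: bytes, app_identity: bytes) -> bytes:
    # seed -> application-specific one-way hash -> application storage key
    return key_from(one_way_hash(app_seed, app_identity), b"application")

def user_storage_key(user_seed: bytes, user_id: bytes) -> bytes:
    # seed -> one-way hash -> keyed hash with user identifier -> user key
    first = one_way_hash(user_seed)
    second = keyed_hash(first, user_id)
    return key_from(second, b"user")

def demo() -> dict:
    """Derive keys from one constructed seed to show key separation."""
    seed = bytes(range(32))  # constructed sample seed, not a real secret
    return {
        "app-A": application_storage_key(seed, b"app-A").hex(),
        "app-B": application_storage_key(seed, b"app-B").hex(),
        "alice": user_storage_key(seed, b"alice").hex(),
        "bob": user_storage_key(seed, b"bob").hex(),
    }

if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:6s} {key}")
```

Every key is reproducible from its seed and the identity that was mixed in, so the seed is the only value that has to be kept secret; two users or two applications sharing a seed still obtain unrelated keys.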



9. The computerized method of claim 1, further comprising: 

storing the storage key in a key vault provided by a third-party; and 

recovering the storage key from the key vault. 

10. The computerized method of claim 9, wherein recovering the storage 
key comprises: 

requesting recovery of the storage key; and 

providing information to the third-party to enable validation of the 
request. 



11. (Amended) The computerized method of claim 9, further 
comprising: 

selecting the key vault from a plurality of key vaults provided by a 
trusted operating system. 



12. (Amended) The computerized method of claim 9, further 
comprising: 

selecting the key vault designated by a provider of the information. 



13. The computerized method of claim 1 wherein the elements are 
performed in the order recited. 

14. A computer system comprising: 

a processing unit; 

a system memory coupled to the processing unit through a system 
bus; 

a computer-readable medium coupled to the processing unit through 
a system bus; and 

a generate key function executed from the computer-readable 
medium by the processing unit, wherein the generate key function causes the 
processing unit to generate an operating system storage key based on an identity 
for the operating system. 



15. The computer system of claim 14, wherein the operating system 
storage key is further based on a seed. 



16. The computer system of claim 14, further comprising: 

an application-specific one-way hash function executed from the 
computer-readable medium by the processing unit, wherein the application-specific 
one-way hash function causes the processing unit to generate an 
application storage key from a hashed seed; and 

a generate application key function executed from the 
computer-readable medium by the processing unit, wherein the generate 
application key function causes the processing unit to generate the hashed seed 
from an application seed. 

17. The computer system of claim 14, further comprising: 

a key-hash function executed from the computer-readable medium 
by the processing unit, wherein the key-hash function causes the processing unit to 
generate a user storage key from a hashed seed and an identity for the user; 

a one-way hash function executed from the computer-readable 
medium by the processing unit, wherein the one-way hash function causes the 
processing unit to generate the hashed seed from a previously hashed seed; and 

a generate user key function executed from the computer-readable 
medium by the processing unit, wherein the generate user key function causes the 
processing unit to generate the previously hashed seed from a user seed. 

Lee & Hayes, PLLC 

18. (Amended) A computer system comprising: 

a processing unit; 

a system memory coupled to the processing unit through a system 
bus; 

a computer-readable medium coupled to the processing unit through 
a system bus; and 

a trusted operating system executed from the computer-readable 
medium by the processing unit, wherein the trusted operating system causes the 
processing unit to encrypt downloaded information using a storage key based on a 
seed value. 



19. (Amended) The computer system of claim 18, wherein the trusted 
operating system further causes the processing unit to encrypt an access predicate 
associated with the downloaded information using an operating system storage 
key, to encrypt the seed value for the storage key using the operating system 
storage key, and to associate the encrypted access predicate with the encrypted 
seed value. 



20. (Amended) The computer system of claim 19, wherein the trusted 
operating system further causes the processing unit to validate each application 
requesting access to the downloaded information using the access predicate, and 
decrypts the seed value for use by a validated application. 



21. (Amended) The computer system of claim 18, wherein the storage 
key used to encrypt the downloaded information is specific to an application. 



22. (Amended) The computer system of claim 18, wherein the storage 
key used to encrypt the downloaded information is specific to a user. 



23. A computer-readable medium having computer-executable 
instructions stored thereon to cause a server computer to perform a method 
comprising: 

entering into a secure connection with a client computer; 

obtaining a session key specific to the secure connection; 

encrypting data with the session key; and 

downloading the encrypted data to the client computer. 

24. A computer-readable medium having computer-executable 
instructions stored thereon to cause a client computer to perform a method 
comprising: 